WordPress 1.5.x safe from XML-RPC worm

In case you didn’t already see my post over on the WordPress Development Blog, rest assured that WordPress is safe from the recently announced PHPXMLRPC worm. Some of the articles about this worm point to old information indicating that WP 1.5 is vulnerable, but that is incorrect. Versions 1.2.x and earlier are in danger, however. So if you have any older WP installations, you should upgrade them immediately, or delete the xmlrpc class files as indicated in the post I made on the main WP site.

Other Posts of Interest

This entry was written by Dougal, posted on 11/9/2005 at 9:58 am, filed under Blogs, News, Security, Tech, WordPress and tagged , , , . Bookmark the permalink. Follow any comments here with the RSS feed for this post. Post a comment or leave a trackback: Trackback URL.

2 Comments

  1. Doug
    Posted 11/10/2005 at 11:56 am | Permalink

    There is something going on that is effecting WordPress sites, though. All of my WordPress sites were down a couple days ago. My host fixed it but they didn’t say what the issue was.

    I’ve seen this on other WordPress sites over the last couple days. For example, Matt’s site seems to be having similar problems at the time of this writing. In Safari, I see an error like this: Safari can’t open the page “http://photomatt.net/”. The error was: “lost network connection” (NSURLErrorDomain:-1005). FireFox just shows a blank page.

    From the command line, I see: $ curl -v http://photomatt.net/
    * About to connect() to photomatt.net port 80
    * Trying 72.36.230.250… * connected
    * Connected to photomatt.net (72.36.230.250) port 80
    > GET / HTTP/1.1
    User-Agent: curl/7.13.1 (powerpc-apple-darwin8.0) libcurl/7.13.1 OpenSSL/0.9.7g zlib/1.2.3
    Host: photomatt.net
    Pragma: no-cache
    Accept: */*
    * Empty reply from server
    * Connection #0 to host photomatt.net left intact
    curl: (52) Empty reply from server
    * Closing connection #0

    When my sites were down, I could get to any of my static pages, but anything WordPress gave errors like those above.

    Any idea what’s going on?

  2. Dave
    Posted 11/11/2005 at 11:58 am | Permalink

    Thanks for the info. That the bad thing about the web, rumor and incorrect info gets passed around like wildfire.

2 Trackbacks

  1. By Datenrettung on 11/9/2005 at 3:24 pm

    [...] WordPress ist ab der Version 1.5 absolut sicher vor diesem neuen Wurm, ist auf Dougal Gunters.org zu lesen. Weniger sicher ist derzeit wieder einmal Windows. Es ist wirklich dringend Datenrettung angesagt. Microsoft gibt wieder einmal zu, dass sein System schlicht knackbar ist. … bis zum nächsten Microsoft Alarm:Datenrettung! [...]

  2. By Gratoria.com » Blog Archive » dashboard on 11/10/2005 at 1:02 am

    [...] Other WordPress News more » Alex King: Should I Host Another WordPress Theme Competition?Dougal Campbell: WordPress 1.5.x safe from XML-RPC wormWeblog Tools Collection: Feedburner Launches Ad NetworkMatt: Customize Yahoo MapsWeblog Tools Collection: Opinion: Is open source a bubble ready to burst?Dev Blog: Don’t Panic! WordPress Is SecureWeblog Tools Collection: WP Theme: SquibleMatt: Plazes on WPWeblog Tools Collection: Top100Bloggers.com SuccessWeblog Tools Collection: Web Logs (sic) go to schoolMike Little: Happy Birthday JanWeblog Tools Collection: If You Want to Lead, BlogWeblog Tools Collection: Topix.net Tagged NewsWeblog Tools Collection: Add Video to Google Talk and SkypeMatt: Go AmazonRyan Boren: Bug HuntWeblog Tools Collection: Connections Reloaded 1.2 releasedWeblog Tools Collection: Star Shaped ThemesWeblog Tools Collection: HOW TO: Boost Your Blog TrafficScripty Goddess: Published… offline   [...]

Post a Comment

Your email is never published nor shared.